package com.ling.pl.security.decision;

import com.ling.pl.security.model.DefaultOrg;
import com.ling.pl.security.model.DefaultUser;
import com.ling.pl.security.utils.AttributeType;

import java.util.Collection;
import java.util.List;

/**
 * 1.首先判断当前用户所在所有部门是否有在授权的部门范围内,如果在就明确返回允许或拒绝访问,<br>
 * 2.如果都不在那么再找当前登录用户所在部门的父部门有没有权限，如果没有，那么就拒绝访问
 */
public class OrgAccessDecisionVoter extends AbstractAccessDecisionVoter {

    @Override
    protected AttributeType getAttributeType() {
        return AttributeType.org;
    }

    public int vote(DefaultUser authentication, Object object, Collection attributes) {
        List<DefaultOrg> loginUserOrgs = authentication.getOrgs();
        if (loginUserOrgs == null || loginUserOrgs.size() == 0) {
            return ACCESS_ABSTAIN;
        }
        return decitionOrgs(attributes, loginUserOrgs);
    }
}
